Regular Expression Denial of Service (ReDoS) Vulnerability in Minimatch 3.0.1 and Earlier

Regular Expression Denial of Service (ReDoS) Vulnerability in Minimatch 3.0.1 and Earlier

CVE-2016-10540 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.

Learn more about our Web Application Penetration Testing UK.